Ubuntu Security Notice USN-360-1 highlights vulnerabilities in AWStats, including XSS risks and user authentication weaknesses that could expose sensitive data
awstats did not fully sanitize input, which was passed directly to the user's browser, allowing for an XSS attack